From c66fbba36646f51ee0c696ffdfa18e5c820c29bc Mon Sep 17 00:00:00 2001 From: Simon Rettberg Date: Thu, 14 Dec 2017 12:55:30 +0100 Subject: [sysconfig] Allow remapping of attributes for AD too --- .../sysconfig/addmodule_adauth.inc.php | 29 +++++++++++----- .../sysconfig/addmodule_ldapauth.inc.php | 40 +++++----------------- .../sysconfig/inc/configmodule.inc.php | 7 ++-- .../sysconfig/inc/configmodulebaseldap.inc.php | 21 ++++++++++++ modules-available/sysconfig/lang/de/messages.json | 2 +- modules-available/sysconfig/lang/en/messages.json | 2 +- .../sysconfig/templates/ad-selfsearch.html | 6 ++++ .../sysconfig/templates/ad-start.html | 36 ++++++++++++------- 8 files changed, 86 insertions(+), 57 deletions(-) (limited to 'modules-available') diff --git a/modules-available/sysconfig/addmodule_adauth.inc.php b/modules-available/sysconfig/addmodule_adauth.inc.php index 6e4463ae..07806061 100644 --- a/modules-available/sysconfig/addmodule_adauth.inc.php +++ b/modules-available/sysconfig/addmodule_adauth.inc.php @@ -13,7 +13,7 @@ class AdAuth_Start extends AddModule_Base protected function renderInternal() { - $ADAUTH_COMMON_FIELDS = array('title', 'server', 'searchbase', 'binddn', 'bindpw', 'home', 'homeattr', 'ssl', 'fixnumeric', 'certificate'); + $ADAUTH_COMMON_FIELDS = array('title', 'server', 'searchbase', 'binddn', 'bindpw', 'home', 'homeattr', 'ssl', 'fixnumeric', 'certificate', 'mapping'); $data = array(); if ($this->edit !== false) { moduleToArray($this->edit, $data, $ADAUTH_COMMON_FIELDS); 
@@ -31,7 +31,12 @@ class AdAuth_Start extends AddModule_Base if (isset($data['server']) && preg_match('/^(.*)\:(636|3269|389|3268)$/', $data['server'], $out)) { $data['server'] = $out[1]; } + if (isset($data['homeattr']) && !isset($data['mapping']['homemount'])) { + $data['mapping']['homemount'] = $data['homeattr']; + } $data['step'] = 'AdAuth_CheckConnection'; + $data['map_empty'] = true; + $data['mapping'] = ConfigModuleBaseLdap::getMapping(isset($data['mapping']) ? $data['mapping'] : false, $data['map_empty']); Render::addDialog(Dictionary::translateFile('config-module', 'adAuth_title'), false, 'ad-start', $data); } @@ -67,10 +72,11 @@ class AdAuth_CheckConnection extends AddModule_Base if (preg_match('/^([^\:]+)\:(\d+)$/', $this->server, $out)) { $ports = array($out[2]); $this->server = $out[1]; + // Test the default ports twice since the other one might not return all required data (home directory) } elseif ($ssl) { - $ports = array(636, 3269); + $ports = array(636, 3269, 636); } else { - $ports = array(389, 3268); + $ports = array(389, 3268, 389); } $this->scanTask = Taskmanager::submit('PortScan', array( 'host' => $this->server, @@ -97,7 +103,8 @@ class AdAuth_CheckConnection extends AddModule_Base 'ssl' => Request::post('ssl'), 'fixnumeric' => Request::post('fixnumeric'), 'certificate' => Request::post('certificate', ''), - 'taskid' => $this->scanTask['id'] + 'taskid' => $this->scanTask['id'], + 'mapping' => ConfigModuleBaseLdap::getMapping(Request::post('mapping', false, 'array')), ); $data['prev'] = 'AdAuth_Start'; if ((preg_match(AD_BOTH_REGEX, $this->bindDn) > 0) || (strlen($this->searchBase) < 2)) { 
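Review bot: In AdAuth_Start::renderInternal() the added `$data['mapping']['homemount'] = $data['homeattr'];` writes into `$data['mapping']` without checking that it is an array. AdAuth_Finish in this same commit stores `Request::post('mapping', false, 'array')`, so an edited module can presumably come back with `mapping` set to `false`, and the assignment then relies on implicit conversion of `false` to an array (deprecated since PHP 8.1). Normalising first with `if (!isset($data['mapping']) || !is_array($data['mapping'])) $data['mapping'] = array();` makes the expected shape explicit. The identical addition in LdapAuth_Start::renderInternal() (hunk -47,9 +23,12) needs the same guard; both functions begin outside their hunks.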
@@ -157,8 +164,8 @@ class AdAuth_SelfSearch extends AddModule_Base $taskData['filter'] = 'sAMAccountName=' . $out[2]; } elseif (preg_match(AD_AT_REGEX, $binddn, $out) && !empty($out[1])) { $this->originalBindDn = $binddn; - $taskData['filter'] = 'sAMAccountName=' . $out[1]; - } elseif (preg_match('/^cn\=([^\=]+),.*?,dc\=([^\=]+),/i', Ldap::normalizeDn($binddn), $out)) { + $taskData['filter'] = 'userPrincipalName=' . $binddn; + } elseif (preg_match('/^cn\=([^\=]+),.*?dc\=([^\=]+),/i', Ldap::normalizeDn($binddn), $out)) { if (empty($selfSearchBase)) { $this->originalBindDn = $out[2] . '\\' . $out[1]; $taskData['filter'] = 'sAMAccountName=' . $out[1]; @@ -198,6 +205,7 @@ class AdAuth_SelfSearch extends AddModule_Base 'fingerprint' => Request::post('fingerprint'), 'certificate' => Request::post('certificate', ''), 'originalbinddn' => $this->originalBindDn, + 'mapping' => ConfigModuleBaseLdap::getMapping(Request::post('mapping', false, 'array')), 'prev' => 'AdAuth_Start' ); if (empty($data['homeattr'])) { @@ -275,6 +283,7 @@ class AdAuth_HomeAttrCheck extends AddModule_Base 'certificate' => Request::post('certificate', ''), 'originalbinddn' => Request::post('originalbinddn'), 'tryHomeAttr' => true, + 'mapping' => ConfigModuleBaseLdap::getMapping(Request::post('mapping', false, 'array')), 'prev' => 'AdAuth_Start', 'next' => 'AdAuth_CheckCredentials' )) @@ -316,7 +325,8 @@ class AdAuth_CheckCredentials extends AddModule_Base 'server' => $uri, 'searchbase' => $searchbase, 'binddn' => $binddn, - 'bindpw' => $bindpw + 'bindpw' => $bindpw, + 'mapping' => Request::post('mapping', false, 'array'), )); if (!isset($ldapSearch['id'])) { AddModule_Base::setStep('AdAuth_Start'); // Continues with AdAuth_Start for render() @@ -325,8 +335,6 @@ class AdAuth_CheckCredentials extends AddModule_Base $this->taskIds = array( 'tm-search' => $ldapSearch['id'] ); - if (isset($selfSearch['id'])) - $this->taskIds['self-search'] = $selfSearch['id']; } protected function renderInternal() 
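Review bot: The new `'userPrincipalName=' . $binddn` in AdAuth_SelfSearch places the whole bind DN string into an LDAP search filter without filter escaping, so characters such as `(`, `)`, `*` or `\` in that value change the filter's meaning instead of being matched literally. Where `$binddn` originates is outside this hunk, but the later wizard steps read their fields via Request::post(), so it is presumably operator-supplied form input; what AD_AT_REGEX permits is not visible here either. Escaping at the point of concatenation, e.g. `$taskData['filter'] = 'userPrincipalName=' . ldap_escape($binddn, '', LDAP_ESCAPE_FILTER);` (requires the PHP ldap extension; otherwise an equivalent helper on the project's `Ldap` class), keeps the filter to a single equality match. The neighbouring `sAMAccountName=` branches concatenate `$out[1]` and `$out[2]` the same way and would benefit from the same treatment.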
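Review bot: AdAuth_CheckCredentials (hunk -316,7 +325,8) passes `Request::post('mapping', false, 'array')` straight into the submitted search task, with no restriction to the known mapping fields and no check on the values. The render paths go through ConfigModuleBaseLdap::getMapping(), which only picks the known `field` keys, but this call and the `$module->setData('mapping', …)` lines added in AdAuth_Finish (hunk -466,6 +476,7) and LdapAuth_Finish (hunk -278,6 +255,7) forward and persist whatever array was posted, including nested arrays and the `uidnumber`/`localhome` keys that are marked `'ad' => false`. How the task and the generated configuration consume these values is not visible here, so they should be treated as untrusted: keep only the keys getMapping() defines and accept only string values matching an attribute-name pattern such as `/^[A-Za-z][A-Za-z0-9-]*$/` before submitting or storing. A small shared helper on ConfigModuleBaseLdap would keep the three call sites consistent.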
@@ -345,6 +353,7 @@ class AdAuth_CheckCredentials extends AddModule_Base 'fingerprint' => Request::post('fingerprint'), 'certificate' => Request::post('certificate', ''), 'originalbinddn' => Request::post('originalbinddn'), + 'mapping' => ConfigModuleBaseLdap::getMapping(Request::post('mapping', false, 'array')), 'prev' => 'AdAuth_Start', 'next' => 'AdAuth_HomeDir' )) @@ -408,6 +417,7 @@ class AdAuth_HomeDir extends AddModule_Base 'fingerprint' => Request::post('fingerprint'), 'certificate' => Request::post('certificate', ''), 'originalbinddn' => Request::post('originalbinddn'), + 'mapping' => ConfigModuleBaseLdap::getMapping(Request::post('mapping', false, 'array')), 'prev' => 'AdAuth_Start', 'next' => 'AdAuth_Finish' ); @@ -466,6 +476,7 @@ class AdAuth_Finish extends AddModule_Base $module->setData('homeattr', Request::post('homeattr')); $module->setData('certificate', Request::post('certificate')); $module->setData('ssl', $ssl); + $module->setData('mapping', Request::post('mapping', false, 'array')); $module->setData('fixnumeric', Request::post('fixnumeric', '', 'string')); foreach (AdAuth_HomeDir::getAttributes() as $key) { $value = Request::post($key); diff --git a/modules-available/sysconfig/addmodule_ldapauth.inc.php b/modules-available/sysconfig/addmodule_ldapauth.inc.php index 310be063..a193f779 100644 --- a/modules-available/sysconfig/addmodule_ldapauth.inc.php +++ b/modules-available/sysconfig/addmodule_ldapauth.inc.php 
@@ -7,33 +7,9 @@ class LdapAuth_Start extends AddModule_Base { - public static function getMapping($config = false, &$empty = true) - { - $list = array( - ['name' => 'uid', 'field' => 'uid'], - ['name' => 'uidnumber', 'field' => 'uidnumber'], - ['name' => 'uncHomePath', 'field' => 'homemount'], - ['name' => 'homeDirectory', 'field' => 'localhome'], - ['name' => 'posixAccount', 'field' => 'posixAccount'], - ['name' => 'shadowAccount', 'field' => 'shadowAccount'], - ); - if (is_array($config)) { - foreach ($list as &$item) { - if (!empty($config[$item['field']])) { - $item['value'] = $config[$item['field']]; - $empty = false; - } - if ($item['field'] === 'homemount' && !empty($config['homeattr']) && empty($config['value'])) { - $item['value'] = $config['homeattr']; - } - } - } - return $list; - } - protected function renderInternal() { - $LDAPAUTH_COMMON_FIELDS = array('title', 'server', 'searchbase', 'binddn', 'bindpw', 'home', 'ssl', 'fixnumeric', 'certificate', 'mapping'); + $LDAPAUTH_COMMON_FIELDS = array('title', 'server', 'searchbase', 'binddn', 'bindpw', 'home', 'homeattr', 'ssl', 'fixnumeric', 'certificate', 'mapping'); $data = array(); if ($this->edit !== false) { moduleToArray($this->edit, $data, $LDAPAUTH_COMMON_FIELDS); @@ -47,9 +23,12 @@ class LdapAuth_Start extends AddModule_Base if (isset($data['server']) && preg_match('/^(.*)\:(636|389)$/', $data['server'], $out)) { $data['server'] = $out[1]; } + if (isset($data['homeattr']) && !isset($data['mapping']['homemount'])) { + $data['mapping']['homemount'] = $data['homeattr']; + } $data['step'] = 'LdapAuth_CheckConnection'; $data['map_empty'] = true; - $data['mapping'] = self::getMapping(isset($data['mapping']) ? $data['mapping'] : false, $data['map_empty']); + $data['mapping'] = ConfigModuleBaseLdap::getMapping(isset($data['mapping']) ? $data['mapping'] : false, $data['map_empty']); Render::addDialog(Dictionary::translateFile('config-module', 'ldapAuth_title'), false, 'ldap-start', $data); } 
@@ -104,7 +83,7 @@ class LdapAuth_CheckConnection extends AddModule_Base 'fixnumeric' => Request::post('fixnumeric'), 'certificate' => Request::post('certificate', ''), 'taskid' => $this->scanTask['id'], - 'mapping' => LdapAuth_Start::getMapping(Request::post('mapping', false, 'array')), + 'mapping' => ConfigModuleBaseLdap::getMapping(Request::post('mapping', false, 'array')), ); $data['prev'] = 'LdapAuth_Start'; $data['next'] = 'LdapAuth_CheckCredentials'; @@ -159,8 +138,6 @@ class LdapAuth_CheckCredentials extends AddModule_Base $this->taskIds = array( 'tm-search' => $ldapSearch['id'] ); - if (isset($selfSearch['id'])) - $this->taskIds['self-search'] = $selfSearch['id']; } protected function renderInternal() @@ -177,7 +154,7 @@ class LdapAuth_CheckCredentials extends AddModule_Base 'fixnumeric' => Request::post('fixnumeric'), 'fingerprint' => Request::post('fingerprint'), 'certificate' => Request::post('certificate', ''), - 'mapping' => LdapAuth_Start::getMapping(Request::post('mapping', false, 'array')), + 'mapping' => ConfigModuleBaseLdap::getMapping(Request::post('mapping', false, 'array')), 'prev' => 'LdapAuth_Start', 'next' => 'LdapAuth_HomeDir', )) @@ -218,7 +195,7 @@ class LdapAuth_HomeDir extends AddModule_Base 'fingerprint' => Request::post('fingerprint'), 'certificate' => Request::post('certificate', ''), 'originalbinddn' => Request::post('originalbinddn'), - 'mapping' => LdapAuth_Start::getMapping(Request::post('mapping', false, 'array')), + 'mapping' => ConfigModuleBaseLdap::getMapping(Request::post('mapping', false, 'array')), 'prev' => 'LdapAuth_Start', 'next' => 'LdapAuth_Finish', ); 
@@ -278,6 +255,7 @@ class LdapAuth_Finish extends AddModule_Base $module->setData('home', Request::post('home')); $module->setData('certificate', Request::post('certificate')); $module->setData('ssl', $ssl); + $module->setData('mapping', Request::post('mapping', false, 'array')); $module->setData('fixnumeric', Request::post('fixnumeric', '', 'string')); foreach (LdapAuth_HomeDir::getAttributes() as $key) { $value = Request::post($key); diff --git a/modules-available/sysconfig/inc/configmodule.inc.php b/modules-available/sysconfig/inc/configmodule.inc.php index ca40094a..54d06afe 100644 --- a/modules-available/sysconfig/inc/configmodule.inc.php +++ b/modules-available/sysconfig/inc/configmodule.inc.php @@ -16,6 +16,9 @@ abstract class ConfigModule private $moduleTitle = false; private $moduleStatus = false; private $currentVersion = 0; + /** + * @var false|array Data of module, false if not initialized + */ protected $moduleData = false; /** @@ -86,7 +89,7 @@ abstract class ConfigModule * Get fresh instance of ConfigModule subclass for given module type. * * @param string $moduleType name of module type - * @return \ConfigModule module instance + * @return false|\ConfigModule module instance */ public static function getInstance($moduleType) { @@ -117,7 +120,7 @@ abstract class ConfigModule * Get module instance from id. * * @param int $moduleId module id to get - * @return ConfigModule The requested module from DB, or false on error + * @return false|\ConfigModule The requested module from DB, or false on error */ public static function get($moduleId) { diff --git a/modules-available/sysconfig/inc/configmodulebaseldap.inc.php b/modules-available/sysconfig/inc/configmodulebaseldap.inc.php index 55104005..d8a41a8b 100644 --- a/modules-available/sysconfig/inc/configmodulebaseldap.inc.php +++ b/modules-available/sysconfig/inc/configmodulebaseldap.inc.php 
@@ -10,6 +10,27 @@ abstract class ConfigModuleBaseLdap extends ConfigModule 'shareRemapMode', 'shareRemapCreate', 'shareDocuments', 'shareDownloads', 'shareDesktop', 'shareMedia', 'shareOther', 'shareHomeDrive', 'shareDomain', 'credentialPassthrough', 'mapping'); + public static function getMapping($config = false, &$empty = true) + { + $list = array( + ['name' => 'uid', 'field' => 'uid', 'ad' => 'sAMAccountName'], + ['name' => 'uidnumber', 'field' => 'uidnumber', 'ad' => false], + ['name' => 'uncHomePath', 'field' => 'homemount', 'ad' => 'homeDirectory'], + ['name' => 'homeDirectory', 'field' => 'localhome', 'ad' => false], + ['name' => 'posixAccount', 'field' => 'posixAccount', 'ad' => 'user'], + //['name' => 'shadowAccount', 'field' => 'shadowAccount'], + ); + if (is_array($config)) { + foreach ($list as &$item) { + if (!empty($config[$item['field']])) { + $item['value'] = $config[$item['field']]; + $empty = false; + } + } + } + return $list; + } + protected function generateInternal($tgz, $parent) { Trigger::ldadp($this->id(), $parent); diff --git a/modules-available/sysconfig/lang/de/messages.json b/modules-available/sysconfig/lang/de/messages.json index 0a1f6de3..5bceb2f0 100644 --- a/modules-available/sysconfig/lang/de/messages.json +++ b/modules-available/sysconfig/lang/de/messages.json @@ -2,7 +2,7 @@ "config-activated": "Konfiguration {{0}} wurde aktiviert", "config-deleted": "Konfiguration {{0}} wurde gel\u00f6scht", "config-invalid": "Konfiguration mit ID {{0}} existiert nicht", - "could-not-determine-binddn": "Konnte Bind-DN nicht ermitteln", + "could-not-determine-binddn": "Konnte Bind-DN nicht ermitteln ({{0}})", "invalid-action": "Ung\u00fcltige Aktion: {{0}}", "missing-file": "Es wurde keine Datei ausgew\u00e4hlt!", "missing-title": "Kein Titel eingegeben", diff --git a/modules-available/sysconfig/lang/en/messages.json b/modules-available/sysconfig/lang/en/messages.json index 83f47903..6e50b80c 100644 
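Review bot: getMapping() arrives in ConfigModuleBaseLdap without a docblock, although it has a by-reference out-parameter and a non-obvious return shape. A short docblock should say that `$config` is the stored or posted mapping array (or false), that `$empty` is set to false as soon as one known field has a non-empty value, and that the result is a list of `name`/`field`/`ad` entries with an optional `value`. The loop `foreach ($list as &$item)` leaves `$item` bound by reference; adding `unset($item);` after the loop is the usual guard even though the function returns shortly afterwards. The commented-out `shadowAccount` entry would be better removed or given a one-line reason.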
--- a/modules-available/sysconfig/lang/en/messages.json +++ b/modules-available/sysconfig/lang/en/messages.json @@ -2,7 +2,7 @@ "config-activated": "Configuration {{0}} has been activated", "config-deleted": "Deleted configuration {{0}}", "config-invalid": "Configuration with id {{0}} does not exist", - "could-not-determine-binddn": "Could not determine bind dn", + "could-not-determine-binddn": "Could not determine bind dn ({{0}})", "invalid-action": "Invalid action: {{0}}", "missing-file": "There was no file selected!", "missing-title": "No title given", diff --git a/modules-available/sysconfig/templates/ad-selfsearch.html b/modules-available/sysconfig/templates/ad-selfsearch.html index 6c5bcb8c..6b85b9ed 100644 --- a/modules-available/sysconfig/templates/ad-selfsearch.html +++ b/modules-available/sysconfig/templates/ad-selfsearch.html @@ -39,6 +39,9 @@ {{/ssl}} + {{#mapping}} + + {{/mapping}} @@ -60,6 +63,9 @@ {{/ssl}} + {{#mapping}} + + {{/mapping}} diff --git a/modules-available/sysconfig/templates/ad-start.html b/modules-available/sysconfig/templates/ad-start.html index 1559ad52..7f211343 100644 --- a/modules-available/sysconfig/templates/ad-start.html +++ b/modules-available/sysconfig/templates/ad-start.html @@ -20,40 +20,50 @@
- {{lang_moduleTitle}} + {{lang_moduleTitle}}
- Server * + Server *
- {{lang_bindDN}} * + {{lang_bindDN}} *
- {{lang_password}} * + {{lang_password}} *
- {{lang_searchBase}} + {{lang_searchBase}}
-
- Home + Home
-
- {{lang_homeAttr}} - - - - +
+
+

{{lang_customizeAttrDescAd}}

+ {{#mapping}} + {{#ad}} +
+ {{name}} + +
+ {{/ad}} + {{/mapping}}
+ {{#map_empty}} +
+ {{lang_customizeAttributes}} + +
+ {{/map_empty}}
-- cgit v1.2.3-55-g7522